skills/adobe/skills/rollout/Gen Agent Trust Hub

rollout

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues detected. The skill performs expected operations for a deployment and verification tool, including reading local site data, performing network GET requests for verification, and modifying project files to apply intended fixes.
  • [DATA_EXPOSURE]: The skill handles project configuration and uses a deployment token (DA_TOKEN), but no hardcoded credentials or unauthorized data exfiltration patterns were found. Network activity is limited to content verification and image resolution checks.
  • [COMMAND_EXECUTION]: The skill provides instructions for the user to execute Node.js scripts from the command line. These scripts perform deterministic file and network operations without utilizing dynamic execution (eval/exec) or acquiring elevated privileges.
  • [INDIRECT_PROMPT_INJECTION]: The skill has an ingestion surface for untrusted data (HTML files from the site being migrated). While these files could theoretically contain content designed to influence the regex-based 'autofix' logic, the risk is considered a standard operational aspect of a migration tool controlled by the developer.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 12:44 PM
Security Audit — agent-trust-hub — rollout